<?php
    session_start();
     
    if ($_SESSION['user_loggedin']) {
        die ("Already logged in... <script>document.location.href='main.php'</script>");
    } else {
        require_once('db.php'); //Require/include the file with the database connection information
        require_once('userlevel.php'); //Require/include the permissions file
        require_once('template.php'); //Require/include the template file
         
        //If a value has been given for the username and/or the password run the connect to script othewise display the login box
        if (isset($_POST['username']) || isset($_POST['password'])) {
             
            // check to make sure username and password fields are not empty
            if (empty($_POST['username'])) {
                die(errorpage ("Please enter your username!", 'Login'));
            }
            if (empty($_POST['password'])) {
                die(errorpage ("Please enter your password!", 'Login'));
            }
             
            //encrypt the user password to check it with the database
            $encrypted_userpassword = sha1($_POST['password']);
            //Clean up vars to make sure they are safe to use with the DB
            $username = mysql_escape_string($_POST['username']);
             
            //Connect to DB using db.php
            $db = new my_db;
             
            $db->query("SELECT * FROM login WHERE username = '$username' AND password = '$encrypted_userpassword'");
             
            // see if any rows were returned
            if ($db->nf() == 1) {
                // if a row was returned it means authentication was successful
                 
                // create session
                session_start();
                $db->next_record();
                $_SESSION['userlevel'] = $db->f('userlevel');
                $_SESSION['username'] = $db->f('username');
                $_SESSION['user_loggedin'] = TRUE;
                echo "Access granted! <br /> Forwarding to EightyThree...<script>document.location.href='main.php'</script><br />
                <br />
                If you aren't forwarded, Please click <a href='main.php' title='proceed to EightyThree'>here</a>.<br />";
            } else {
                // If no rows are found something must be wrong
                template_headtag('Login');
                template_header();
                template_left();
                errorbox('Incorrect username or password!');
                echo "<br />";
                loginbox();
                template_footer();
            }
             
        } else {
            // If the form has not yet been submited, display login form
            template_headtag('Login');
            template_header();
            template_left();
            echo "<div class='pageheadertext'>Login</div>";
            echo "<br />";
            loginbox();
            template_footer();
        } //Close the ifElse statement (Has the form been submited)
         
    }
?>
